tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" am: ca648a0217 am: 30491f5575 am: 2d0ab31dbb

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2168846

Change-Id: I93f4e2b3bab30bb1c228e168c3b339df36e9aee4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2022-08-02 00:19:27 +00:00 committed by Automerger Merge Worker
commit 170f94c386
1 changed files with 8 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
KeyStorage.cpp
View file

@ -117,9 +117,13 @@ static void hashWithPrefix(char const* prefix, const std::string& tohash, std::s
SHA512_Final(reinterpret_cast<uint8_t*>(&(*res)[0]), &c); SHA512_Final(reinterpret_cast<uint8_t*>(&(*res)[0]), &c);
} }
// Generates a keystore key, using rollback resistance if supported. static bool generateKeyStorageKey(Keystore& keystore, const std::string& appId, std::string* key) {
static bool generateKeystoreKey(Keystore& keystore, const km::AuthorizationSetBuilder& paramBuilder, auto paramBuilder = km::AuthorizationSetBuilder()
std::string* key) { .AesEncryptionKey(AES_KEY_BYTES * 8)
.GcmModeMinMacLen(GCM_MAC_BYTES * 8)
.Authorization(km::TAG_APPLICATION_ID, appId)
.Authorization(km::TAG_NO_AUTH_REQUIRED);
LOG(DEBUG) << "Generating \"key storage\" key";
auto paramsWithRollback = paramBuilder; auto paramsWithRollback = paramBuilder;
paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE); paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
@ -132,23 +136,13 @@ static bool generateKeystoreKey(Keystore& keystore, const km::AuthorizationSetBu
return true; return true;
} }
static bool generateKeyStorageKey(Keystore& keystore, const std::string& appId, std::string* key) {
auto paramBuilder = km::AuthorizationSetBuilder()
.AesEncryptionKey(AES_KEY_BYTES * 8)
.GcmModeMinMacLen(GCM_MAC_BYTES * 8)
.Authorization(km::TAG_APPLICATION_ID, appId)
.Authorization(km::TAG_NO_AUTH_REQUIRED);
LOG(DEBUG) << "Generating \"key storage\" key";
return generateKeystoreKey(keystore, paramBuilder, key);
}
bool generateWrappedStorageKey(KeyBuffer* key) { bool generateWrappedStorageKey(KeyBuffer* key) {
Keystore keystore; Keystore keystore;
if (!keystore) return false; if (!keystore) return false;
std::string key_temp; std::string key_temp;
auto paramBuilder = km::AuthorizationSetBuilder().AesEncryptionKey(AES_KEY_BYTES * 8); auto paramBuilder = km::AuthorizationSetBuilder().AesEncryptionKey(AES_KEY_BYTES * 8);
paramBuilder.Authorization(km::TAG_STORAGE_KEY); paramBuilder.Authorization(km::TAG_STORAGE_KEY);
if (!generateKeystoreKey(keystore, paramBuilder, &key_temp)) return false; if (!keystore.generateKey(paramBuilder, &key_temp)) return false;
*key = KeyBuffer(key_temp.size()); *key = KeyBuffer(key_temp.size());
memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size()); memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
return true; return true;